Nixpkgs Security Tracker

Untriaged

Permalink CVE-2021-47865

7.5 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

created 2 months ago

ProFTPD 1.3.7a - Remote Denial of Service

ProFTPD 1.3.7a contains a denial of service vulnerability that allows attackers to overwhelm the server by creating multiple simultaneous FTP connections. Attackers can repeatedly establish connections using threading to exhaust server connection limits and block legitimate user access.

References

ExploitDB-49697 exploit
ProFTPD Official Website product
ProFTPD GitHub Repository product
VulnCheck Advisory: ProFTPD 1.3.7a - Remote Denial of Service third-party-advisory
ExploitDB-49697 exploit
ProFTPD Official Website product
ProFTPD GitHub Repository product
VulnCheck Advisory: ProFTPD 1.3.7a - Remote Denial of Service third-party-advisory
ExploitDB-49697 exploit
ProFTPD Official Website product
ProFTPD GitHub Repository issue-tracking
VulnCheck Advisory: ProFTPD 1.3.7a - Remote Denial of Service third-party-advisory

Affected products

ProFTPD

==1.3.7a

Matching in nixpkgs

pkgs.proftpd

Highly configurable GPL-licensed FTP server software

nixos-unstable 1.3.9
- nixpkgs-unstable 1.3.9
- nixos-unstable-small 1.3.9

Package maintainers

@dpausp Tobias Stenzel <dpausp@posteo.de>
@osnyx Oliver Schmidt <os@flyingcircus.io>
@leona-ya Leona Maroni <nix@leona.is>
@ctheune Christian Theune <ct@flyingcircus.io>
@frlan Frank Lanitz <frank@frank.uvena.de>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.proftpd

Package maintainers